sb-nz logo
Story image

Cyber criminals targeting the gaming industry at an alarming rate

New research from Akamai shows the gaming community is quickly becoming one of the most highly targeted industries for cyber attacks, with hackers largely driven by gaining consumer credentials.

The report titled State of the Internet / Security Web Attacks and Gaming Abuse reveals that 12 billion credential stuffing attacks hit gaming websites within a 17 month period (Nov 2017-March 2019), with Australia eighth globally in the top target countries for this form of attack.

During this period, the report states there were 55 billion credential stuffing attacks across all industries tracked.

These attacks indicate that the gaming industry is becoming one of the most lucrative targets for criminals, and points to an active and rapidly evolving underground economy, driven by data breaches and credential abuse.

Akamai security researcher and editorial director of the State of the Internet / Security Report, Martin McKeay, says, ''One reason that we believe the gaming industry is an attractive target for hackers is because criminals can easily exchange in-game items for profit."

''Furthermore, gamers are a niche demographic known for spending money, so their financial status is also a tempting target," he says.

Many credential stuffing attacks are directly linked to SQL Injection (SQLi) attacks. Akamai says many credential stuffing lists available on the darknet and forums use data from large data breaches, with SQLi as a root cause.

As such, it’s unsurprising that the report also shows SQLi attacks now represent 65.1% of all web application attacks. Local File Inclusion (LFI) attacks accounted for 24.7%.

The report shows there was a spike of SQLi attacks during the 2018 holiday season, and since this time these attacks have continued to increase. Prior to this, in Q1 of 2017, SQLi attacks accounted for 44% of all application layer attacks.

According to Akamai, early 2019, researchers from the company found a video where viewers were taught how to conduct SQLi attacks against vulnerable websites, and then use the credentials obtained to generate lists that can be leveraged in credential stuffing attacks against a popular online game.

In one example an attack described in the report, is where criminals target popular games looking for valid accounts and unique skins, which are used to change the appearance of an item in a video game. Once a player's account is successfully hacked, it can then be traded or sold.

According to Akamai, hackers appear to place more value on compromised accounts that are connected to a valid credit card or other financial resources. Once these accounts are compromised, the criminal can purchase additional items, such as currency used within the game, and then trade or sell the hijacked account at a markup.

McKeay says, ''While gaming companies continue to innovate and improve their defenses, these organisations must also continue to help educate their consumers on how to protect and defend themselves. Many gamers are young, and if they are taught best practices to safeguard their accounts, they will incorporate those best practices for the rest of their lives.”

Story image
Gartner names ThreatQuotient a representative vendor for SOAR
The company is listed in Gartner’s 2020 Market Guide for Security Orchestration, Automation and Response Solutions.More
Story image
New project development inhibited by cybersecurity, Kaspersky research states
"There are still some practical steps that can be taken to make sure that an emerging technology or a product reaches its launch. Cybersecurity doesn’t have to be another corporate barrier, but it should be on an integral part of the project all long."More
Story image
Report: Power utilities increasingly at risk of devastating cyber-attacks
“Utilities’ existing systems are becoming increasingly connected through sensors and networks, and, due to their dispersed nature, are even more difficult to control.”More
Story image
Video: 10 Minute IT Jams - Who is LogRhythm?
LogRhythm VP of sales for Asia Pacific Simon Howe, who discusses the company's primary offerings and services, what products the company is focused on for the future, and the infrastructure it has in the A/NZ market.More
Story image
BlackBerry partners with ServiceNow for incident response management
BlackBerry has announced it has entered into a partnership with ServiceNow to integrate the BlackBerry AtHoc service within the Now platform for rapid crisis communications and IT service management. More
Story image
Report reveals relationship between boardroom and cybersecurity investments
“While boards are definitely listening and stepping up with increased budget for cybersecurity, they tend to view any investment as a cost rather than adding business value."More